Xsolla-logo

Silent authenticationClient-side

get/social/{cross_social_provider_name}/cross_auth

Exchanges the user JWT from Steam, Xbox, or Epic Games for the JWT in your project (projectId).

You will get the link to redirect the user to your project.

To enable silent authentication, use the instruction.

Request
path Parameters
cross_social_provider_name
required
string

Name of the platform the user authorized in. Can be steam, xbox, epicgames.

query Parameters
projectId
required
string <uuid>

Login project ID from Publisher Account.

login_url
string

URL to redirect the user to after account confirmation, successful authentication, two-factor authentication configuration, or password reset confirmation. Must be identical to the Callback URL specified in the URL block of Publisher Account. For the scenario of a login error, the value should be identical to the the Error callback URL specified in the URL block of Publisher Account. To find the settings, go to Login > your Login project and select the Callback URLs section in the upper block. Required if there are several Callback URLs.

fields
Array of strings non-empty

List of parameters which must be requested from the user or social network additionally and written to the JWT. The parameters must be separated by a comma. For example, email.

When the email is requested and the social network did not respond with the email value:

  • the user will be asked to input their email in the corresponding form if you integrated Login Widget,
  • the user must be asked to input their email in the corresponding form of your own interface if you integrated Login API. Please send the URL of this form to your Customer Success Manager.

After the email is inputted, the user receives an email confirmation message. To disable email confirmation, please contact your Customer Success Manager.

session_ticket
string

Session ticket received from the platform encoded according to the Base64 standard.

payload
string

Your custom data. The value of the parameter will be returned in the payload claim of the user JWT. Recommended maximum length less than 500 characters. Note, that this parameter is only available if you use a custom user data storage.

with_logout
string
Default: "0"

Shows whether to deactivate the existing user JWT values and activate the one generated by this call. Can have the following values:

  • 1 to deactivate the existing values and activate a new one,
  • 0 to keep the existing values activated.
app_id
string

Your app ID on the platform. Required if the platform where the user is authorized is Steam.

code
string

Code received from the platform.

is_redirect
boolean
Default: true

Shows how the Xsolla Login server should respond. If you set:

  • true value, the Xsolla Login server returns the 302 response code. URL for user redirection with user JWT will be in the Location header.
  • false value, the Xsolla Login server returns the 200 response code. URL for user redirection with user JWT will be in the response body.
no_user_creation
boolean
Default: false

Do not create new user if they not exist yet. Existing users will be authorized as usual

deployment_id
string

The deployment ID that the client is trying to authenticate with. This will impact interactions with other services that require a deployment. If the deployment is not public, only users who have been entitled will be able to log in. For more information on deployments and deployment IDs see Product, Sandbox, and Deployment IDs. Note: You must use this unique identifier to use the Ecommerce APIs, and to request access tokens used by game clients.

Responses
200

OK

302

Redirection

400

Bad Request

404

Not Found

422

Unprocessable Entity

429

Too Many Requests

Request samples
curl --request GET \
  --url 'https://login.xsolla.com/api/social/{cross_social_provider_name}/cross_auth?projectId=SOME_STRING_VALUE&login_url=SOME_STRING_VALUE&fields=SOME_ARRAY_VALUE&session_ticket=SOME_STRING_VALUE&payload=SOME_STRING_VALUE&with_logout=0&app_id=SOME_STRING_VALUE&code=SOME_STRING_VALUE&is_redirect=true&no_user_creation=false&deployment_id=SOME_STRING_VALUE'
Response samples
application/json
{
  • "login_url": "string"
}